Tons of traffic on port 29
Well, I set up iptraf the other night to audit my network connections as things were going a little slow. After running it for a few hours everything seemed fine, but then I started noticing a lot of packets being sent to TCP port 29. I don't have any services running on this port, and if it were a random hacker then my DMZ'd server would've been inundated with these packets. This leads me to the conclusion that there's some program on my computer sending these packets out to a remote connection.
I found the IP that the packets were being sent to, but I did not find much info on a whois; however, it seems to just be a small user-ip for an ISP.
I did a portscan just to see what might be enabled, to see if it's a server or what, and the only ports actually open on it were ports 29 and 389. So, my computer is now just randomly sending out packets to some random server on the internet reading in from port 29. I'm not quite sure what the heck is going on here, but so far I've just put some rules in my firewalls to keep the packets from reaching their host, but the packets keep being generated by whatever program on my computer is linked to this.
Is there a way to figure out what program is connecting and sending these packets, or should I just not worry about it? It seems a little nefarious to me, so I'd like to be able to find the offending program and see if everything is okay.
This is an excerpt from my iptraf TCP services log.
I should also note that even with my firewall rules, iptraf is continuing to log packets for this port. I suppose these could be SYN packets, but due to the disproportion between outgoing and incoming, I think it is an application on my computer attempting to send this information.
Running time: 32400 seconds
*** TCP/UDP traffic log, generated Sat Sep 1 01:47:47 2007
TCP/29: 653313 packets, 617539169 bytes total, 152.49 kbits/s; 243952 packets, 13614772 bytes incoming, 3.36 kbits/s; 409361 packets, 603924397 bytes outgoing, 149.13 kbits/s
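
One way to answer the question above on Linux, as an added example that is not part of the original post: find the sockets whose remote port is 29 in `/proc/net/tcp`, then match each socket inode to the process holding it. The function names, the sample table and its addresses are constructed for illustration, and a little-endian host is assumed.

```python
import os
import socket
import struct
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0501A8C0:9C40 0A0200C0:001D 02 00000001:00000000 01:00000064 00000002  1000        0 55555 1
   1: 0501A8C0:D431 0A0200C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 55556 1
"""  # constructed sample in /proc/net/tcp layout, not from the post's machine

def _addr(hexpair):
    # The kernel prints the IPv4 address as a host-order hex word; little-endian assumed.
    ip_hex, port_hex = hexpair.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))) + ":" + str(int(port_hex, 16))

def find_remote_port(table, port):
    """Return (local, remote, state, inode) for sockets whose remote port matches."""
    hits = []
    for line in table.splitlines()[1:]:  # skip the column header
        f = line.split()
        if len(f) >= 10 and int(f[2].split(":")[1], 16) == port:
            hits.append((_addr(f[1]), _addr(f[2]), f[3], f[9]))
    return hits

def socket_owners(inodes, proc_root="/proc"):
    """Map socket inode -> [(pid, command)] by reading /proc/<pid>/fd symlinks."""
    wanted = {f"socket:[{i}]": i for i in inodes}
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:  # process exited, or not running as root
            continue
        for fd in fds:
            try:
                target = os.readlink(os.path.join(fd_dir, fd))
                if target in wanted:
                    with open(os.path.join(proc_root, pid, "comm")) as fh:
                        owners.setdefault(wanted[target], []).append((int(pid), fh.read().strip()))
            except OSError:  # descriptor closed while we were looking
                continue
    return owners

if __name__ == "__main__":
    with open("/proc/net/tcp") as fh:
        hits = find_remote_port(fh.read(), 29)
    owners = socket_owners([h[3] for h in hits])
    for local, remote, state, inode in hits:
        print(local, "->", remote, "state", state, owners.get(inode, "owner not visible"))
```

Run it as root so other users' `/proc/<pid>/fd` entries are readable. State `02` is SYN_SENT, which is how a connection attempt that a firewall rule is dropping shows up in the table.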